Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper validation or access control checks. Attackers can exploit this to store arbitrary SQL queries in $_SESSION['sqlquery'] by manipulating these parameters, potentially leading to session poisoning, stored cross-site scripting, or unauthorized access to sensitive session data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpPgAdmin Security Vulnerability
Vulnerability Description
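phpPgAdmin is an open-source application from phppgadmin, a leading web-based administration tool for PostgreSQL. phpPgAdmin 7.13.0 and earlier contain a security vulnerability that stems from missing validation or access control checks in sql.php, which may lead to session poisoning or stored cross-site scripting.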
CVSS Information
N/A
Vulnerability Type
N/A